
MyEset account taken over


NewbyUser
Go to solution Solved by Nightowl,


  • ESET Insiders

Gotta say putting licensing details in something so easily taken over is a bad idea. If it was detected to be a strange login why would it be allowed? Come on Eset. Do better. Geez 


  • ESET Insiders

Now I get the obvious email about my license being overused, couldn't have seen that coming lol.  Not impressed with Eset at the moment. I started a support ticket right after I was locked out. #00240573


  • ESET Insiders

I believe I recovered the account. But there aren’t any devices that I don’t recognize. Not sure what happened. 

 

 

348CA520-9A8F-48A7-BA9E-26444A51B5CB.png

Edited by NewbyUser

  • Most Valued Members
  • Solution

Reset passwords for everything related to your ESET account, including your email address, just to make sure you are not compromised in other places.


  • Administrators

If you have re-used the password from these services, someone else could easily log into your my.eset.com account:

image.png

As already suggested above, reset your password to a unique one that is not easy to guess and that you don't use for login elsewhere.


  • Administrators
6 minutes ago, peteyt said:

Hopefully 2FA will be soon. I have mentioned previously this will keep happening

This will help security-aware users who will enable it. However, these users usually don't recycle the password for accounts at various web services.


  • ESET Insiders
1 hour ago, peteyt said:

Hopefully 2FA will be soon. I have mentioned previously this will keep happening

Yes, that would help. I have 2FA enabled where it is available for the most part. Fortunately the email account tied to myeset account is one of them.


  • ESET Insiders
6 hours ago, Marcos said:

If you have re-used the password from these services, someone else could easily log into your my.eset.com account:

image.png

As already suggested above, reset your password to a unique one that is not easy to guess and that you don't use for login elsewhere.

Done. Yes I goofed, but so did eset by allowing a signin that was detected as being suspicious to begin with. Also 2FA should be implemented by now, it's allegedly been on the to do list for 6 months now  almost to the day.

 


  • Most Valued Members
6 hours ago, NewbyUser said:

Done. Yes I goofed, but so did eset by allowing a signin that was detected as being suspicious to begin with. Also 2FA should be implemented by now, it's allegedly been on the to do list for 6 months now  almost to the day.

 

 

10 hours ago, Marcos said:

This will help security-aware users who will enable it. However, these users usually don't recycle the password for accounts at various web services.

 


 

I agree that those not security aware will probably not enable it in general. However with 2FA at least Eset would be doing their part. I suppose it's like saying don't open dodgy emails, people do but Eset has protections. I also find it strange that I'm sure I've seen it recommended to have 2FA enabled on posts on welivesecurity which is run by Eset, yet eset is not using it itself.


  • ESET Insiders
On 9/8/2021 at 4:21 PM, peteyt said:

 I also find it strange that I'm sure I've seen it recommended to have 2FA enabled on posts on welivesecurity which is run by Eset, yet eset is not using it itself.

Stranger yet, they even have their own 2FA, for business users.

https://www.eset.com/my/business/two-factor-authentication/


The type of 2FA I want is the same as my bank provides and it does not require a smart phone to use.

When I log onto my bank web site, it requires me to select which phone number I have registered with them to receive a text message from them that contains a 6 digit security code. I can also receive a voice call containing the code instead. They then send me the code to my "vintage" non-smart phone. I then enter the code on the web page and the logon to the full bank web site proceeds. 

Note the 2FA elements deployed. The first is valid user id and password. The second is a one-time use served up security code.

Edited by itman

  • ESET Insiders
4 minutes ago, itman said:

The type of 2FA I want is the same as my bank provides and it does not require a smart phone to use.

When I log onto my bank web site, it requires me to select which phone number I have registered with them to receive a text message from them that contains a 6 digit security code. They then send me the code to my "vintage" non-smart phone. I then enter the code on the web page and the logon to the full bank web site proceeds. 

Note the 2FA elements deployed. The first is valid user id and password. The second is a one-time use served up security code.

Totally agree. I'm more shocked you have a "vintage" non-smart phone lol.


  • ESET Insiders
1 minute ago, itman said:

Costs me $5 a month, that's why.

Like with real buttons? No screen? Didn't know they made any like that these days.


Just now, NewbyUser said:

Like with real buttons? No screen? Didn't know they made any like that these days.

When I stated "vintage" I meant I purchased the phone in 2003. It still works fine. It does have a browser but forget using it.


  • 4 weeks later...
  • ESET Moderators
On 9/9/2021 at 11:11 PM, itman said:

The type of 2FA I want is the same as my bank provides and it does not require a smart phone to use.

When I log onto my bank web site, it requires me to select which phone number I have registered with them to receive a text message from them that contains a 6 digit security code. I can also receive a voice call containing the code instead. They then send me the code to my "vintage" non-smart phone. I then enter the code on the web page and the logon to the full bank web site proceeds.

I just stumbled upon this older thread and I need to add that SMS-based 2FA is not a good idea.

The mobile network was not built with security in mind, the text messages are sent in plain text, they can be easily spoofed or intercepted. You can google that, the internet is full of recommendations not to use that type.

A one-time password generated on the device, based on a secret seed, is a much more secure option.


On 10/4/2021 at 12:22 PM, TomasP said:

A one-time password generated on the device, based on a secret seed, is a much more secure option.

+1

Edited by itman

This topic is now closed to further replies.